On Thu, Jul 15, 2004 at 11:20:46PM +0200, Peter Eisentraut wrote: > Magnus Hagander wrote: > > This one makes it mandatory to pick some kind of authentication. If > > that's not wanted, it's easy to change it to default to trust (which > > I think is wrong, but we've been through that already..) > > I don't think I like any of this. Sooner rather than later, people need > to look at pg_hba.conf and think about it. I don't like switches that > induce them to skip that step. And I certainly don't like forcing > extra switches on users that just try out an installation locally.
I agree with this sentiment. On the spanish list is common to see people trying to do things on an RPM-installed server, which is configured to use IDENT by default, and asking why they cannot connect. The answer is always to look at pg_hba.conf and the relevant documentation. If it were my choice, I'd disallow connections by default completely, and spit a reject message along the lines of "you should have a look at pg_hba.conf". -- Alvaro Herrera (<alvherre[a]dcc.uchile.cl>) "Uno combate cuando es necesario... ¡no cuando está de humor! El humor es para el ganado, o para hacer el amor, o para tocar el baliset. No para combatir." (Gurney Halleck) ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])